CVE-2023-5189

Summary

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 80:0.4.18-1.el8ap < *unaffected
Red HatRed Hat Ansible Automation Platform 2.4 for RHEL 90:0.4.18-1.el9ap < *unaffected
Red HatRed Hat Satellite 6.14 for RHEL 80:0.4.18-2.el8pc < *unaffected
Red HatRed Hat Satellite 6.14 for RHEL 80:0.4.18-2.el8pc < *unaffected
Red HatRed Hat Satellite 6.15 for RHEL 80:0.4.19-2.el8pc < *unaffected
Red HatRed Hat Satellite 6.15 for RHEL 80:0.4.19-2.el8pc < *unaffected

Weaknesses

  • CWE-23: Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References